
“As we’ve come to realize, the idea that security starts and ends with the purchase of a prepackaged firewall is simply misguided.”
– Art Wittmann
We make cybersecurity speak easy.
Connecting you with us
1. Contact CDS for a free Dark Web analysis of your organization.
Call: 215.395.8900 or info@Cyberdefensesystems.net
2. Schedule a Cybersecurity Assessment with a member of our cyber team
Through a consultative approach, we'll ask lots of questions regarding your infrastructure and organization to help us tailor a solution that fits your business or organization.
3. Schedule your on-boarding and training
On-boarding and training depends on the size of your organization. CDS can typically perform this in a couple of days to a week. Enjoy the peace of mind that comes with taking control of your business security in an effort to help mitigate malicious cyber threats (including ransomware).
FAQs
“What is ransomware and what impact will this have on my business?”
Ransomware is a type of malicious software that infects a computer and restricts users' access to it until a ransom is paid to unlock it. Ransomware variants have been observed for several years and often attempt to extort money from victims by displaying an on-screen alert. Most businesses that are attacked experience significant downtime, resulting in lost revenue. You may also lose customers and potential new business. Sometimes the cheapest solution is to pay a ransom, but there’s no guarantee you’ll get your data back. Yet doing so fuels a vicious cycle of cyber crime against small businesses.
“I have antivirus protection and a firewall - why do I need additional cybersecurity software?”
Antivirus protection still offers some protection against malware and viruses, particularly those used by less experienced or sophisticated hackers. The problem is that, on its own, antivirus protection is no longer enough to keep your data secure. Why? Because the threat landscape is changing, and it's evolving faster than antivirus programs can keep pace with. Put simply, no organization can afford to overlook its cybersecurity planning. It should be part of every business continuity plan. What should companies be on the lookout for in the future?
Firewalls are considered your first line of defense. A firewall can keep the wrong things from coming in or leaving, but it won't protect you from issues that are already inside the property. To be fully protected, you need additional tools that augment the firewall. For example, a firewall can't stop files from being deleted or a USB drive contaminated with malware from being plugged into your system. It can't stop data leakage or employees from clicking on dangerous email links that get through.
Firewalls also tend to give you a false sense of security because of the widely held misconception they are a one-time, set-it-and-forget-it technology. In reality, to be effective, someone needs to update the firewall regularly. Some firewalls have expiration dates and don’t receive support or updates after a specific period. Even a next-generation firewall, which proactively identifies and stops attacks by learning suspicious behavior, needs to be appropriately configured to prevent attacks.
Ultimately, though an essential part of an overall security setup, firewalls only address specific types of threats.
“What should I do if my business is a victim of a cyber attack?”
Preparation: Ensure your employees are properly trained regarding their incident response roles and responsibilities in the event of a data breach.
Develop incident response drill scenarios and regularly conduct mock data breaches to evaluate your incident response plan.
Ensure that all aspects of your incident response plan (training, execution, hardware and software resources, etc.) are approved and funded in advance.
Identification: This is the process where you determine whether you’ve been breached. A breach, or incident, could originate from many different areas. Questions to address:
When did it happen?
How was it discovered?
Who discovered it?
Have any other areas been impacted?
What is the scope of the compromise?
Does it affect operations?
Has the source (point of entry) of the event been discovered?
Containment: When a breach is first discovered, your initial instinct may be to securely delete everything so you can just get rid of it. However, that will likely hurt you in the long run since you’ll be destroying valuable evidence that you need to determine where the breach started and devise a plan to prevent it from happening again.
Instead, contain the breach so it doesn’t spread and cause further damage to your business. If you can, disconnect affected devices from the Internet. Have short-term and long-term containment strategies ready. It’s also good to have a redundant system back-up to help restore business operations. That way, any compromised data isn’t lost forever.
This is also a good time to update and patch your systems, review your remote access protocols (requiring mandatory, multi-factor authentication), change all user and administrative access credentials and harden all passwords.
Eradication: Once you've contained the issue, you need to find and eliminate the root cause of the breach. This means all malware should be securely removed, systems should again be hardened and patched, and updates should be applied. Whether you do this yourself or hire a third party to do it, you need to be thorough. If any trace of malware or security issues remains in your systems, you may still be losing valuable data, and your liability could increase.
Questions to address:
Have artifacts/malware from the attacker been securely removed?
Has the system been hardened, patched, and updated?
Can the system be re-imaged?
Recovery: This is the process of restoring and returning affected systems and devices back into your business environment. During this time, it’s important to get your systems and business operations up and running again without the fear of another breach.
Questions to address:
When can systems be returned to production?
Have systems been patched, hardened and tested?
Can the system be restored from a trusted back-up?
How long will the affected systems be monitored and what will you look for when monitoring?
What tools will ensure similar attacks do not recur? (File integrity monitoring, intrusion detection/prevention, etc.)
Lessons Learned: Once the investigation is complete, hold an after-action meeting with all Incident Response Team members and discuss what you've learned from the data breach. This is where you will analyze and document everything about the breach. Determine what worked well in your response plan, and where there were holes. Lessons learned from both mock and real events will help strengthen your systems against future attacks.
Questions to address:
What changes need to be made to the security?
How should employees be trained differently?
What weakness did the breach exploit?
How will you ensure a similar breach doesn’t happen again?
No one wants to go through a data breach, but it’s essential to plan for one. Prepare for it, know what to do when it happens, and learn all that you can afterwards.